SOCI ACT & AESCSF COMPLIANCE FOR CRITICAL ENERGY INFRASTRUCTURE /
PROJECT overview
Tier16 was engaged by an integrated energy company operating generation, wind, and storage assets to support compliance with Australia’s Security of Critical Infrastructure (SOCI) Act and alignment with the Australian Energy Sector Cyber Security Framework (AESCSF).
The engagement focused on improving the organisation’s Operational Technology (OT) cyber security and infrastructure resilience across multiple sites, addressing increasing regulatory obligations and growing cyber threats to critical energy infrastructure.
Tier16’s role encompassed assessing the existing OT environment, defining a compliant target state, and delivering a scalable OT architecture and cyber security roadmap aligned to both regulatory and operational requirements.
CLIENT CHALLENGE
The client faced several challenges in meeting SOCI Act obligations across a diverse and geographically distributed asset portfolio.
OT environments had evolved organically over time, resulting in inconsistent architectures, limited documentation, and varying levels of cyber maturity.
Multiple stakeholders across IT, OT, Asset Management, and Cyber Security teams had competing priorities, making it difficult to align operational needs with regulatory compliance.
Several sites lacked accurate or up-to-date network diagrams, reducing visibility into device connectivity, communication pathways, and potential cyber risks.
The client required a defensible, auditable approach to identifying critical assets, assessing risk, and demonstrating compliance under the SOCI Act and AESCSF.
TIER 16 SOLUTION
Tier16 delivered a structured, site-specific OT program focused on governance, architecture, and risk reduction.
Acting as a trusted OT advisory Tier16 developed a site-specific OT Network Reference Architecture that clearly defined how hardware and software systems manage and control physical processes, while aligning with AESCSF SP-2 governance and control requirements.
The engagement combined strategic assessment with practical remediation, enabling compliance without disrupting operational performance.
Through collaborative workshops and on-site assessments, Tier16 successfully aligned IT, OT, Asset Management, and Cyber Security teams around a unified, compliant OT architecture.
The project scope included:
Framework Documents:
- Develop an OT Governance and controls framework
- Develop an OT Network and security architecture framework
- Develop an OT Asset management framework
SITE ASSESSMENT Documents:
- Develop a detailed site assessment framework
- Develop site specific current state architecture diagrams
- Develop site specific critical asset report
- Perform gap and risk assessments for each site
rectification works:
- Develop rectification work packages to cover gaps
- Determine work package effort and budget estimates
- Develop package remediation roadmap for work packages
WORK PACKAGE SUMMARY:
OT Governance and policy framework
OT Operating Model
Asset Management enhancements
Infrastructure and Platform management
Centralised Network monitoring and management
Ot Configuration management
OT Security monitoring and incident response
Backup and Disaster Recovery program
PROJECT OUTCOMES & IMPACT
Tier16’s engagement enabled the client to meet regulatory obligations while strengthening the resilience of critical energy infrastructure.
Regulatory Compliance Enablement: Delivered a clear, auditable framework aligned with SOCI Act requirements and AESCSF maturity objectives.
Improved OT Visibility and Risk Management: Enhanced visibility of OT assets, network communications, and cyber risks across generation, wind, and storage sites.
Cross-Functional Alignment: Successfully harmonised IT, OT, Asset Management, and Cyber Security teams around a shared architecture and governance model.
Scalable OT Architecture: Established a consistent, site-specific OT architecture framework that can be applied across existing and future assets.
Strengthened Critical Infrastructure Protection: Improved protection against cyber threats, physical risks, and operational disruptions, supporting long-term reliability and energy transition goals.
Client testimonial /
Tier 16 have brought a wealth of expertise in a very niche area, enabling us to consistently and clearly, articulate our OT architecture in a variety of important artefacts.
The skill set of the Tier 16 team has been able to supplement our technical teams in order to complete this challenging task, which we would not have been able to achieve so quickly without them. Their deep experience in this area and adaptability to changing schedules and priorities have been critical to our success. Rob P.